Not really an issue, question on sslstrip inside virtualbox
Closed this issue · 2 comments
Last night, I was doing a proof of concept of attacking my desktop machines at home. I have a linux running on a virtualbox and configured as bridged. Before I started the spoofing, I checked the connectivity and everything was reachable by ping
- from victim to gateway
- from victim to attacker
- from attacker to victim
- from attacker to gateway
They are all in the same subnet. So I've configured my linux with ip_forward enabled. I enabled it in sysctl.conf so that's persistent even if I restart the vm. The cat tool shows 1 on ip_forward. I also ran the iptables command. Then finally ran 2 arpspoof commands on the linux machine which is the attacker
- arpspoof -i eth0 -t victimip gatewayip
- arpspoof -i eth0 -t gatewayip victimip
Then finally ran sslstrip -l 8080
I went to the victim's machine then opened up Chrome browser. I went to google.com. It was waiting for a response. I didn't see anything thing getting logged on sslstrip. I think after 1 or 2 minutes, the browser showed an error. It was like "unable to communicate". I reloaded google again. It was waiting similar to how I mentioned it earlier. I killed both arpspoof commands and few seconds later, google webpage got displayed on the victim's browser. This tells us that arpspoof was working and that victim was sending to it. I'm just wondering why packets are not being forwarded to the gateway. Is this the behavior when attacker machine is in vm?
I'm going to retry again this time by building a linux on a real machine(not virtualbox) and I'll keep you posted. However, please let me know your thoughts on what I wrote above.
Thanks!
Hi !
I also ran some tests using virtualbox one year ago.
Try using another (less secured) browser like IE on the Victim's computer. I also had some trouble while using Chrome, maybe it has a way to avoid such attacks.
I also found out Eset smart security prevents ARP poisoning attacks.
Hope it will work with IE !
Have a nice day =)
Ah! Thanks! I'll keep you posted tonight.